The conference centered on some of the latest developments in the field of cybersecurity and left me thinking about some of the lessons learned over the past decade. Here are three trends and technologies that took off in the past decade and what we can learn from them.

Eliminating Security Siloes

One of the major business challenges of the past decade is associated with siloed and often disconnected data and tools – slowing operational effectiveness and the ability to deliver innovative products and services. Never mind the introduction of massive security risk. An industry-led solution to this challenge was a major announcement from the conference – the introduction of a global, multi-vendor cybersecurity ecosystem, the Open Cybersecurity Alliance (OCA) through the OASIS international consortium.

OCA gets its legs from the fact that, on average, organizations use between 25 and 49 different security tools from up to 10 different vendors. This is both time consuming and expensive as well as making it difficult to integrate security tools into established operational environments.

The OCA provides out-of-the-box integrations between these tools to foster an open cybersecurity ecosystem, enable the free exchange of information and orchestrate responses via commonly developed code and tools, using agreed upon tech, standards and procedures. The OCA already has two main projects underway. The first is IBM Security’s STIX-Shifter, which is dedicated to the development of a search function for cybersecurity products. The second is McAfee’s OpenDXL, an interoperable messaging format that helps organizations share information.

CyberArk is proud to be a founding member, and the only Privileged Access Management (PAM) vendor in the Alliance. We view eliminating silos as a way of not only increasing the usability of each respective security solution in an organization’s stack, but also helping organizations to share information with each other about best practices. We’d like to see this trend continue into the ‘20s.

However, as I heard a MasterCard security practitioner neatly summarize during a session about AI, “If you automate a broken process, you’re just doing dumb stuff faster.” This highlighted, for me, a key feature of AI systems. AI can provide insights and increase efficiency, but it can’t fix the underlying problems in your system.

AI is only as good as the processes they automate and the people who manage them. What we’ve learned from this past decade is that AI must be paired with smart policies, human engagement and other tools, like Robotic Process Automation (RPA), to reach its potential.

Fortunately, advances in security analytics have been able to dramatically operationalize and improve threat intelligence and response, key components of the SOC. Additionally, by having various data shared from tools, people and processes across the network, intelligently identifying threats is more possible now than ever before. Consequently, the SOC has gotten smarter and smarter about detecting and mitigating threats and likely will continue to be able to better automate intelligence and respond to threats to minimize damage.

For more information about CyberArk and to learn what you can do to secure your organization’s most critical systems, please check out the ways in which we help organizations secure privileged access.

Previous Article

The Top Cybersecurity Trends That Will Shape 2020

As we embark on a new year, it’s normal to think about what the future will have in store for us. From a cy...

Next Article

New Open Source Offerings Simplify Securing Kubernetes

In advance of the upcoming KubeCon 2019 (CyberArk booth S55), the flagship event for all things Kubernetes ...